Maintenance

Andrew Hosgood edited this page Nov 7, 2024 · 7 revisions

Operating system dependencies

| Dependency | Location | URL |
| --- | --- | --- |
| Slim bookworm Python Docker image | https://github.com/nationalarchives/docker/blob/main/docker/tna-python/Dockerfile#L3 | https://hub.docker.com/_/python/tags?name=slim-bookworm |
| libcurl4 | https://github.com/nationalarchives/docker/blob/main/docker/tna-python/Dockerfile#L111 | https://packages.debian.org/sid/libcurl4 |
| curl | https://github.com/nationalarchives/docker/blob/main/docker/tna-python/Dockerfile#L111 | https://github.com/curl/curl/releases |
| build-essential | https://github.com/nationalarchives/docker/blob/main/docker/tna-python/Dockerfile#L111 | https://packages.debian.org/source/sid/build-essential |
| libmagic-dev | https://github.com/nationalarchives/docker/blob/main/docker/tna-python/Dockerfile#L111 | https://packages.debian.org/sid/libmagic-dev |

Tools and libraries

A specific version of each tool is declared in code. Upgrading is therefore a conscious action.

| Dependency | Location | URL |
| --- | --- | --- |
| Poetry | https://github.com/nationalarchives/docker/blob/main/docker/tna-python/Dockerfile#L143 | https://github.com/python-poetry/poetry/releases |
| nvm | https://github.com/nationalarchives/docker/blob/main/docker/tna-python/Dockerfile#L144 | https://github.com/nvm-sh/nvm/releases |
| NodeJS | https://github.com/nationalarchives/docker/blob/main/docker/tna-python/Dockerfile#L181 | https://github.com/nodejs/node/releases |
| gunicorn | https://github.com/nationalarchives/docker/blob/main/docker/tna-python/bin/tna-build#L22 | https://github.com/benoitc/gunicorn/releases |
| uvicorn | https://github.com/nationalarchives/docker/blob/main/docker/tna-python/bin/tna-build#L23 | https://github.com/encode/uvicorn/releases |
| uvicorn-worker | https://github.com/nationalarchives/docker/blob/main/docker/tna-python/bin/tna-build#L24 | https://github.com/Kludex/uvicorn-worker/releases |

Keeping everything up-to-date

Subscribe to all the tools in order to be notified about new releases.

When a new version is released:

  1. Change its version in the required place
  2. Update the CHANGELOG.md by adding the updated resource in "Changed", "Removed", "Fixed" or "Security"
  3. The build workflow will be run for the image version called preview and the image added to the container repository
  4. If ready, release a new version

Operating system packages

If a CVE is raised for a package (see code scanning results), check what the latest version of the package is with:

# Check for the latest version of libcurl4 available in python:3.13-slim-bookworm
docker run python:3.13-slim-bookworm /bin/bash -c "apt-get update; apt list -a libcurl4"

An example of the output is:

Listing...
libcurl4/stable 7.88.1-10+deb12u7 arm64
libcurl4/stable-security 7.88.1-10+deb12u5 arm64

Use the most up-to-date and stable version in the relevant place in the Dockerfile. In this case, 7.88.1-10+deb12u7.
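
The check above can be scripted. This is an added example, not part of the repository's tooling: it parses `apt list -a` output, takes the highest version across all suites (in the sample, `stable` is ahead of `stable-security`), and compares it with the pinned version. The function names, the sample Dockerfile fragment and the assumption that packages are pinned as `PKG=VERSION` are illustrative.

```shell
#!/bin/sh
# Added example; not part of the nationalarchives/docker repository.

# Print the highest version that `apt list -a PKG` (read on stdin) offers.
# Candidate lines look like: libcurl4/stable 7.88.1-10+deb12u7 arm64
# sort -V approximates Debian ordering; it is enough for +debNuM suffixes,
# and `dpkg --compare-versions` is the authoritative check on a Debian host.
latest_candidate() {
    awk -v p="$1/" 'index($0, p) == 1 { print $2 }' | sort -V | tail -n 1
}

# Print the version pinned as PKG=VERSION in Dockerfile text read on stdin.
# Assumption: packages are pinned with apt's PKG=VERSION syntax.
pinned_version() {
    awk -v p="$1=" '{ for (i = 1; i <= NF; i++) if (index($i, p) == 1) {
        print substr($i, length(p) + 1); exit } }'
}

# check_pin PKG DOCKERFILE_TEXT APT_OUTPUT
# Prints "current VERSION" or "stale PINNED -> LATEST"; returns 1 when stale,
# 2 when either version could not be found.
check_pin() {
    pinned=$(printf '%s\n' "$2" | pinned_version "$1")
    latest=$(printf '%s\n' "$3" | latest_candidate "$1")
    if [ -z "$pinned" ] || [ -z "$latest" ]; then
        echo "unknown"; return 2
    fi
    newest=$(printf '%s\n%s\n' "$pinned" "$latest" | sort -V | tail -n 1)
    if [ "$newest" = "$pinned" ]; then
        echo "current $pinned"
    else
        echo "stale $pinned -> $latest"; return 1
    fi
}

# Constructed sample input: a Dockerfile fragment with an older pin, and the
# apt output from the example on this page.
SAMPLE_DOCKERFILE='RUN apt-get install -y --no-install-recommends \
    curl=7.88.1-10+deb12u5 \
    libcurl4=7.88.1-10+deb12u5'
SAMPLE_APT='Listing...
libcurl4/stable 7.88.1-10+deb12u7 arm64
libcurl4/stable-security 7.88.1-10+deb12u5 arm64'

check_pin libcurl4 "$SAMPLE_DOCKERFILE" "$SAMPLE_APT" || true
```

The non-zero return on a stale pin lets the function gate a scheduled job that feeds it the real `apt list -a` output from the docker command above.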

Release a new version

  1. Update the CHANGELOG.md and specify a version that adheres to semver
  2. Push all changes to main
  3. Create a new release with the version number, ensuring there is a leading v
  4. The build workflow will be run and the image added to the container repository